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(57) Abstract 

A svsicm with a network interconnecting a server and s 
plurality of user station^. Tnc server stores a plurality of user 
applications for downloading lo u.^cr stations and further stores 
access permissions for the applications for each user. When a user 
aiiempts to log onto the system, the server uses the user s log-on 
identifier to build a list of applications for which the user has access 
pcmiission. The server downloads to the siauon a list of applications 
lo which the user has access ptnnission. The user station uses 
The list to build a folder containing only the applications from the 
list to which the user has access permission. The system further 
verifies from the list that the user has access to applications thai 
arc represented by objects that the user may have added lo his or 
I her desktop ai an earlier lime. For each user desktop preference 
I ^Dccified bv the user ai an earlier time that corresponds to a use: 
1 apoiicauon; ihc access ptnnission ior the user to the user appiicaiior 
. :^ ciiecked irom iht iiM. and. if mt epplicauon is not mcluoeo oi. 
the list, the deslciop object repicscniing the application is removefJ 
from the desktop. 
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CLIENT ' SERVER SYSTEM FOR MAINTAINING A USER DESKTOP 
CONSISTENT WITH SERVER APPLICATION USER ACCESS PERMISSIONS 

The invention relates generally to the fields of personal computing 
and networking. Specifically, it relates to the new and evolving field of 
network computing, in which desktop computer users use a personal 
computer, . possibly diskless, connected to a network such as a corporate 
intranet, the Internet, or to an network or Internet Service Provider 
(ISP) to gain access to applications which are then executed on the 
desktop computer. More specifically, the invention relates to 
server-besec storage of software preferences (configuration data) for 
software retrieved from a server anc executing at the desktop computer. 

The field of network computers is presently in its infancy.. 
However, it is expected to evolve rapidly, especially in the corporate 
environjTient , for a number of reasons. The expectation is that as 
companies anc possibly individual users reach hardware and software 
upgrade points, it will be more efficient and less expensive to move to 
this new field, rather than upgrade in the traditional way with disk 
equipped coinputers and locally stereo and administered software 
applications. For example, in the corporate environment, a user can be 
connected to a corporate intranet, using, for example, the TCP/IP and HTTP 
protocols of the Internet, and cov.'nioed software applications as they are 
needed directly from a network server to the desktop computer. An 
application is executed on the desktop in the traditional manner by the 
user to perform useful work. An advantage of this configuration is that 
network computers are substantially less expensive than traditional disk 
equipped computers. It might also cost less to purchase the required 
number of software licenses for users, rather than purchase individual 
copies of software for each user. Certainly, the software administration 
problems that attend large numbers of corporate users will be 
substantially reduced. At the present time, each user of a disk equipped 
computer or workstation often is effectively his or her cvm system 
administrator, a role that often consumes excessive resources due to lack 
of expertise. , It is expected tc t greet odvsr.tace to eliminate this 
problem by effectively offloading the problem to a small number of server 
administration experts, rather than having many users struggle with the 
problems of software installation, upgrades and computer administration. 

AS nientioned above, this vision of the future of personal computing 
is presently in its infancy. As e result, there are presently many 
problems and deficiencies with existing systems. 
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Typically, in network computer systems, an administrator creates 
user profiles that are stored on a network server. The profiles may 
contain different types of information, such as user desktop preferences 
and user permissions for access to different software applications that 
5 might reside on the server, when a user logs onto the system, the user 
identifies him or herself to the server, the server locates the profile • 
for the user and transmits it to the user computer where it is used to 
configure the computer and generate a desktop. The desktop might include 
a number of icons representing applications to which the user presumably 
10 has access- The profile likely also contains other attributes of the 

computer and desktop, such as for example, the background colour of ^he 
desktop, or character fonts and point sizes used on the desktop, or data 
file search paths, etc. that are unique to the user. The profiles may be 
user modifiable or non-modif i&ble . 



In an environment in which users can modify their own profiles, a 
modified profile is uploaded back to the server at log-off time, where it 
is stored for retrieval the next time the user logs -on. In some prior art 
systems, to the best of our knowledge, the users can generate on their 

20 desktops any configuration of application icons they wish, whether or not 
they exist on the server, and whether or not a user actually has access 
permission to an application on the server. The Lotus Workplace Desktop 
(previously called Kona Desktop) system is an example of this type of 
operation. In other systems, the server presents a list to the user of 

25 all applications that the server has, from which the user can pick. In 
this case, there is no guarantee that the user actually has access 
permission to an application that is selected from the list for inclusion 
on the desktop. The Sun Hot Java Views system is an example of this type 
of system. In other words, the prior art systems do not correlate between 

30 what the user can configure for the set of desktop application icons and 
applications to which the user actually has permission access. In such a 
case, when the user clicks on a icon to execute an application, an error 
message may occur (such as an unauthorized access message) if access 
permission is net present, or in a worse case, the user's computer may 

3f crash. 

Anctr.e: l;~it:etacn with existir.c art is that & ilai cata structure 
is used to model users, user groups, terminals and groups of terminals. 
Modeled after a common scheme for managing user access to computer 

4C resources, knoyn network computer implementations (e.g., Lotus 

•Administration . Facility for Desktops, Microsoft windows NT Profiles and 
Policies, and Sun Hot Java views) implement a flat 'groups' structure on 
the server for managing software preferences (or attributes) in various 
contexts. A 'context', as used here, refers to an individual user, user 

45 group, terminal, or terminal -croup. Any grouping structure for 
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managing software preferences on the server allows an administrator to 
define preference attributes for different croups of users as well as for 
individual users. However, flat systems are inflexible* in many 
environments, especially in enviroriments having large numbers of users. 
It is desirable to provide an administrative tool supporting the 
organization of preference information into a hierarchical structure. 

Another limitation with existing systems is that they are limited in 
the ways that administrators and users have to perform user configuration 
of workstation desktops. For example, administrators are presently 
required to configure user preferences using configuration programs that 
are separate from, but associated with, a user application. It is 
desirable to allow vendors to provide only a single application. To 
require only an end user application from a vendor necessitates that the 
central management facility be able to execute the end user application in 
a context of a user or user group. The prior art does not allow this 
administrative flexibility of operation. In other words, in the prior 
art, to the best of our knowledge, an administrator does not have the 
ability to run a user application in the context of a user to set 
preferences for that user and application. Further, in the art, an 
administrator cannot run a user application to set preferences in the 
context of a group of users. 

Still another limitation in the prior art known to the inventors is 
the manner in which the prior art partitions server permanent storage 
space to guarantee that a unique space is reserved for storing user 
preferences related to the different applications on the server. To the 
knowledge of the inventors, the problem of preventing collisions in the 
storage of preference information for different applications m 
object-oriented systems, in which an object can be queried for its fully 
qualified class name which uniquely identifies and differentiates it from 
other classes, is solved by having a first central authority assign a 
unique designation that applies to a vendor and by then having a second 
authority at the vendor assign a seconc designation relative to the first 
cesicneticn rcr each vendor appilcat :cr. . Fcr example, veneer might be 
assignee the cesjcnation vendor^ ry ih^ first authority and thai 
designation is guaranteed to be unique within the architecture for which 
the first authority is acting. The second authority at vendor A then 
assigns the second designation for each of its applications within that 
■architecture. For example, one of vendor A's applications might be 
designated— vendorA.Appl; another might be designated vendcrA. App2 . The 
art maps the unique designation for each application in a system to a 
location in periTianent storage of the system to guarantee that preference 
daca for the different applications do not collide in storage. An 
application, when running, informs the network computer server of its 
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unique storage location and it is the responsibility of the server to 
partition an area at the starting location according to a context (user, 
user group, terminal or terminal group) for storing preference 
information so as not to collide with preference information in a 
different context. Clearly, this manner of administering storage space is 
awkward and undesirable. It is desirable to devise a method tc 
automatically generate unique storage locations for storing preference 
information for the afore mentioned object-oriented applications, without 
resorting to the requirement of having central authorities assign unique 
designations for the purpose of preventing collisions in the storage of 
preference information and without coding storage location information 
into an application. 

Still another limitation in the art lies in the lack of any 
provision to migrate existing applications and hardware into the new 
environment of the centrally managed network computing world without 
requiring changes to the existing hardware end applications. Existing 
hardware, a terminal for example, in a networked environment, gets its 
configuration inforir.etion at boot-up time from a file in a specific format 
located on a server. The terminal is programmed to know how to access its 
configuration file. The terminal uses a unique identifier to access the 
file from the server. The unique identifier is often the media access 
control (MAC) ccdress of the terminal. However, in a new centrally 
managed environment involving protocols and API's that are different from 
25 that to which the terminal is designee, the terminal cannot access 

preference inforr.ation in the new environment, the terminal can only 
access its configuration file in the way for which it is designed. This 
is a serious problem, because there are n4any such existing devices in use. 
The inability to use them in new syste.TiS impedes substantially the 
30 incentives for users to migrate to the new systems. 

Still another limitation in the prior art concerns the interface 
between an administrator and the configuration management system. When 
configuring software within an administration facility to configure 

3r preference information for various users and user groups, and terminals 
and terminal groups, the administration scftware launches in the context 
(user, user crcu',>, terTiinai or teritar.t: croup} set by the Administratoi 
who is running the facility, when the Administrator changes the context 
that the application is running under, the application needs to be 

40 relaunched to lead configuration information for the new context. The 
process of relaunching software each time a context is changed is time 
consuming and inconvenient for an administrator, especially in systems 
with many users, in such systems, it is expected that an administrator 
will change contexts many times while configuring an application. 

45 
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According to one aspect, the invention provides, in a network system 
comprising a network interconnecting a server and a plurality of user 
stations, a method of managing desktops on the user stations from the 
server, wherein the server stores a plurality of user applications for 
downloading to user stations, and further stores access permissions for 
the applications for each user, said method comprising steps of: receiving 
at the server a log -on request including a user identifier from a user 
station; using the identifier to build a list of applications for which 
the user has access permission; downloading to the station the list of 
applications for which the user has access permissions; and displaying on 
a portion of the desktop objects corresponding to each application in the 
list, said objects when selected by the user being operative to request a 
download of the corresponding application to the user station. 

According to a second aspect, the invention provides, in a network 
system comprising a network interconnecting a server and a plurality of 
user stations, en apparatus for manecinc desktops on the user stations 
from the server, said apparatus comprising: means for receiving at the 
server a log -on request including a user identifier from a user station; 
means for using the identifier to build a list of applications for which 
the user has access permission; means tcr downloading to the station the 
list of applications for which the user has access permissions; and means 
for displaying on a portion of the desktop objects corresponding to each 
application in the list, said objects when selected by the user being 
operative to request a download of the corresponding application to the 
user station. 

According to a third aspect, the ir.vention provides a computer 
program product stored in a computer readable storage medium for, when run 
on a computer, carrying out in a network system comprising a network 
interconnecting a server and a plurality of user stations, a method of 
managing desktops on the user stations from the server, wherein the server 
stores a plurality of user applications for downloading to user stations, 
and further stores access permissicr.s fcr the applicat icr.s for each user, 
said method ccircrising steps of: receivir.c az the server a jcc-on request 
inciucmc a user identifier iron, a user szazic:.; usiiic t:- identifier tc 
build a list of applications for which the user has access permission; 
downloading to the station the list of applications for which the user has 
access permissicns; and displaying on a portion of the desktop objects 
•corresponding to each application in the list, said objects when selected 
by the user being operative to request a download of the corresponding 
application to the user station. 



The system described herein provides a common repository for 
configuration information for users and applets in a cl ient - server 
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environment. This is referred to as client profile management. The 
system allows users to roam, that is, to log-in from any computer in.^he 
system at any time and have it configured automatically at run time 
according to the preferences stored for the user at the server. The 
5 preferred embodiment is a Java (Java is a Trademark of S\m, Inc.) based 

system and the client computers use a web browser interface arranged to - 
execute Java applications. Thus, in the preferred embodiment , user 
applets and the desktop applet are assumed to be Java applets* However, 
it is not intended to limit the invention to a Java environment. 
10 Preferences for the locally stored applications might be stored locally in 
the traditional manner, while preferences for the server-based applets 
might be handled in the way described herein. 

The invention solves the problem whereby a user is able to configure 

15 his or her desktop so as presumably to be able to access an application on 
the server when/ in fact, the user does not have system permission to 
access the applicatlcr.. when the user loos onto the system, the user 
identifies him cr herself to the server by means of a system identifier 
&nd a password. The server uses this information to built dynamically a 

2C list of applications to which the user has access permission. That list 

is transmitted to the users station. The application list is then used to 
build a portion of the desktop, preferably a desktop folder, of 
applications to which the user has access permission. Preferably, the 
folder is composed of a number of application icons each of which 

25 correspond to a different application and which may be selected by the 
user to launch the associated application. Associated with each 
application in the list are parameters necessary for the user to execute 
the associated application. For example, one such parameter might be the 
URL on the server used to invoke the application. Nothing prevents a 

30 user from modifying the desktop. For example, after the desktop is built, 
the user generally can add other application icons to the desktop, even 
though they would not be accessible to the user. A more common case might 
be where the user copies an application icon that is dynamically generated 
from the list from the generated folder to another part of the desktop and 

35 then logs off. when the user logs off, or otherwise saves his or her 

. preferences for the desktop via any methcc the system might provide, the 
ccpiec icon is sevec ::c the server ar:c becomes part of the preferences 
configured for the user. When the user later logs onto the system, the 
copied icon is reproduced on the desktop, not as part of the automatically 

4 0 generated list .of accessible applications, but just as part of the 

individual preferences set by the user. Thus, the user can still wind up 
with applications configured on the desktop to which the user does not 
have access. A related feature of the invention prevents this occurrence 
from happening by also testing each application access preference set by 

45 the user against the application permissions present on the server. If a 
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user has included an application object on the desktop to which he or she 
does not have access permission, then the object is automatically excluded 
from the desktop object that is built by the server at log on time. 

In a preferred embodiment ccmprising a system with a network 
interconnecting a server and a plurality of user stations, the server 
stores a plurality of user applications for downloading to user stations 
and further stores access permissions for the applications for each user, 
when a user attempts to log onto the system from a user station, the 
server receives a user log-on identifier from the user. The server uses 
the identifier to build a list of applications for which the user has 
access permission. A desktop object is then downloaded to the user 
station to ccntrol the interface between the user and the user's station. 
The server also downloads to the station a list of applications to which 
the user has access permission. The user station uses the list to build a 
folder containing only the applications from the list to which the user 
has access permission. The system further verifies that the user has 
access to applications that are represented by icons that the user may 
have added to his or her desktop at an earlier time. For each user 
desktop preference specified by the user at an earlier time that 
corresponds to a user application, the cccess permission for the user to 
the user application is checked from the list, and, if the application is 
not included on the list, the desktop object representing the application 
is removed from the desktop. 

Fig. 1 shows an illustrative network and user stations, including an 
administrator's station, in which the invention might be practised; 

Fig. 2 shows an illustrative biocx diagram form of the 
administrator's station in communication with a server, and components of 
the administrator's station and the server for providing the central 
profile management and preference administration; 

Fig. 5 shows one illustrative hierarchical organization of user 

groups and users of a systeir.. The illusiretive hierarchical crcanization 

micht also ccn:a:r. incividuej terr.-:.cl£ cnc terniinai croups; hcwevei . 
I 

these are omitted for simplicity; 

Fig. 4 shows one illustrative listing of individual users and the 
group priority order that is used to determine a set of preferences from 
the hierarchical organization of Fic. 3 that apply to a user and a 
specific application executed by the user;. 

Fig. S shows a more detailed view of the administrator's station and 
server of Fig. 2; 
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Fig. 6 shows aii illustrative view of the software objects at a 
user's terminal, including a user application and the API between the 
application and other componentSf that cooperate to establish the user 
preferences during execution of the application as the user's terminal; 

5 

Figs. 7 through 6 show illustrative operations at both a user's 
terminal and a server for user log-on and initially establishing the 
user's desktop, including desktop preferences, at the user terminal; 

10 Figs. 9 through 11 show illustrative operations at both an 

administrator's terminal, and a server for administrator user log-on, 
establishment of the administrator's desktop, and, by way of exaniple, the 
selection of an application and a context for configuration; the example 
also illustrates a context change during configuration the user's desktop. 

15 and the resulting operations; and 

Figs. 12 through 24 show a variety of actual administrator screen 
snapshots in varioiis phases of application administration, including 
building of a hierarchy of which Fig. 2 is a representation of an 
20 example of, the creation and deletion of users, etc. the establishment of 
application preferences for applications, and context changes during 
preference establishment. 

The system described herein provides a common repository for 
25 configuration information for all users and applets in a client • server 
environment. This is referred to as client profile management. The 
system allows users to ream, that is, to ice -in from any computer in the . 
system at any time and have it configured automatically at run time 
according to the preferences stored at the server. The preferred 
30 embodiment is a Oava (Oava is a Trademark of Sun, Inc.) based system and 
the client computers use a web browser interface arranged to execute Oava 
programs . 

The terms 'applet* and 'servlef are established terms in the Java 
35 programming langucce art and will be used herein, since the terms have 

meaning to those ski lied in this art. 'Applet' refers to an independent 
software moduje tr.&*w rur.s within a Javc er.-cbjec web browser. Servlet 
refers to a software module that resides on a Java enabled web server. It 
is to be understood that the use of the terms 'applet' and 'servlet' 
40 herein is not intended to limit the invention in any way. For 

clarification, the phrase 'configuration applet' is used herein to refer 
to a software moduie used to configure preferences for an end user 
software application such as a word processor, a database manager, etc. 
Since software applications are also 'applets' in the Oava environment. 
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the phrase 'user applet' or just 'applet' is used herein to refer to an 
end user application. i 

in' the preferred embodiment , user applets and the desktop applet 
5 are assumed to be Java applets. However « it is understood that the 

invention is not limited to a Java environment. "^he invention can be 
used in any client-server system. For example, if desired, the system 
could be designed to use proprietary communication protocols and 
applications written and compiled in any desired programminc language. 

10 Further, even in the preferred Java based environment, disk-based 

computers might access some applications locally, and other applets from 
the server. Preferences for the locally stored applications might be 
stored locally in the traditional manner, while preferences for the 
server -based applets might be handled in the way described herein. 

15 Preferably, however, preferences for locally stored applications are 
stored on the server using the Profile Mancoement Properties API in 
addition to the preferences for server based applets described herein. 

A simple Application Program Interface (API) allows applets written 
20 to the API to easily store and retrieve preference data when the applet is 
executed by a user or adTiinistrator . Applet permissions and user 
preferences can be defined based on group memberships and individual 
identity. 

25 Client profile -.antgement includes the foliowing services: 
Log -on support • r.apping to a user profile; 

User support - the cdministrative ability zo create user identifications 
3C and provide services and preferences directly to users; 

User groups support - the administrative ability to create hierarchical 
groups of users and provide services end preferences based on group 
memberships ; 

*• t 

User applet context trenspcrency • eutCHictic deteminaticr; c: the context 
of user applet execution. That is, the determination of the user and/or 
group profiles that apply to a user applet execution and the automatic 
establishment of the profile environment; 

40 

User applet preferences repository • context-sensitive server storage for 
user applet configuration data; 
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Dynamic user applet preferences inheritance - hierarchical load- time 
coalescence of user applet preferences via the object-oriented principal 
of inheritance; and 

5 User applet access control - control of user applet execution based on 
aroup default membership privileges. The administrator can override 
default group privileges and permit or deny additional access privileges 
for individual users. 

10 Profile manegement provides a framework through which these tasks 

are performed. Some tasks are supported by profile management directly, 
e.g. user/group manegement, applet lists, context switching, preference 
inheritance, etc., while configuration services specific to user applets 
are usually supported by separate configuration applets invoked by a 

15 system administrator within the client profile management environment. 

Seme end user applets mioht provide the configuration capability as part 
of the end user applet. If this is the case, the administrator can run 
the end user applet (as opposed to a separate configuration applet) in the 
context of individual users and groups to set the configuration 

20 preferences for those users and groups. 

Fig. 1 shows one high level view of an intended environment for 
practising the invention. A network 100 is provided for interconnecting a 
plurality of user stations, such as desktop personal computers 102, mobile 

25 laptop computers 104, workstations 106 (e.g., RISC computers), an 

administrator's station 108 and a server 110. In one embodiment, network 
100 might be a local area network. In another embodiment, network 100 
might include wide area networking for entities such as corporations that 
have geographically displaced sites that are still included within the 

30 system. There is no intent to limit the environment in which the 
invention might be practised; indeed, a network of any type that 
interconnects many types of stations is envisioned. 

A high-level diagram of the profile management administrative 
3: operating environment is shown in Fig. 2. An administrator client network 
ccinputer 200 is represented on the left of the Fie. and a" server 202 for 
tJ-jfe system is on the right . The ciien*. and server communicate via a 
network represented as 202. The particular example of Fig. 2 assumes that 
the client computer is a system administrator's conqputer. 
40 , 

Profile manager 206 on the client sice allows the administrator to 
configure user applet preferences at both user and group levels. The 
administrator can create new users and group hierarchies, add users to 
different^ groups, specify japplet permi_ssions for each. group and for 
45 individual users. And the administrator can configure applets in the 
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context of an individual user or a group. The administrator can add^ 
delete and reset passwords for users. Profile management support is 
transparent to the general user. The administrator can 'invoke the profile 
manager 206 in the context of any user or group. Only the administrator 
5 can change from his/her context to administer clients (users) and groups. 
The server will not allow a user without administrative authority to 
switch context, when a request comes into the server, it will query the 
authenticated ID of the user trying to access this function. If the user 
does not possess administrative authority, (i.e., is not a member of the 
10 AllUsers. Administrator group), the Profile Manager Servlet 214 will 
reject the request. 

Profile manager 206 invokes other applets, such as appletl (206), as 
shown in Fig. 2. in this example^ appletl might be the administrative 

15 eppiet for configuring preferences related to user desktops. Or appletl 
could be a configuration utility related to an end user applet, such as 
editors, word processors, databases, etc. It is preferred, but not 
reouired, that configuration applets such as 20S exist as modules separate 
from their corresponding user applets. In the context of Fig. 2, Appletl 

20 is typically a configuration applet for a user eppiet? the administrator 
runs the configuration applet appletl under s group context to set croup 
preference and permission defaults, or in a user context to customize user 
' applet configurations for an individual. By implementing appletl as a 
module separate from its user applet, performance is enhanced, since the 

25 configuration appletl will likely be small compared to the user applet. 

Also, separate configuration applets allow the administrator to control 
the end users ability to configure the user eppiet. 

Traditional stand-alone computers store user applet configuration 
30 information locally in association with its the user applet. Traditional 
stand-alone Java based computers store user applet configuration 
information using the format provided by the java.util. Properties class. 
Both arrangements require that the user applet specify the name of a local 
file in which to stcre configuration inforr.etion related to the user 
35 applet. In other words, c relationship is required between the computer 
and the user applet icccec on it. Prcfiie manacenient as described herein 
provides the familiar capabilities of a real Sava.util. Properties object 
plus additional facilities supporting user -reaming capabilities and 
seamless pluggability into a powerful administrative framework (the 
40 • Profile Manager) . 

Prof ileManagementProperties P 210 is a properties object for appletl 
and provides an API between Appletl and the server that allows the server 
to determine where to store configuration information for appletl in the 
45 context of users and groups. The Prof ileManagementProperties object class 
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provioes all of the functionality of the java.util.properties class with 
the further ability to provide create, save, and retrieve the 
configuration information for software from permanent storage. Storing 
such information in a central location makes management of user and group 
configurations possible. 

v?hen a user is in the role of administrator, Prof ileManagementProperties • 
210 allows the administrator to configure the user applet corresponding to 
configuration appletl, or to configure appletl if appletl is an end user 
applet, and store the configuration information in the proper place on the 
server in the proper context. This allows the establishment of a 
relationship between the user applet and the user, rather than between 
user applet and computer as in traditional systems. 
Prof ileManagementProperties 210 is an extension of the 

jave.util . Properties class. The extension allows the key/value pairs of 
preference information of a Properties object to be associated with a key, 
as opposed to a stream, as with java.util. Properties. This, in turn, 
allows application developers to use the key to specify a unique location 
relative to a context for preference information, rather than a file name 
and path. Prof ileKanagementFroperties 210 determines the key 
automatically. The generation of the key is discussed more in connection 
with Fic.'s 8 and S. By modelling Prof ileKanegementProperties 210 after 
the j ava . util . Properties class, the system can take advantage of 
preference inheritance through recursive class - default evaluation. Thus, 
this extended class provides a "group default" capability by accumulating 
preferences starting at a current context, as discussed with respect to 
Fic. 2, and traversing up the contextual hierarchy for defaults. 

Server 202 includes a database 212 that stores user data and group 
data, such as user and group preferences and user applet access 
permissions. Webserver 218 represents a typical web server with support 
for ucva applets. Profile Manager servlet 214 maps user and group 
identifications to preference data. It also rr.aintains an access control 
list to manage user access to applications on the server. 

User and group preferences are stored as a tree hierarchy, as shown 
Ir. F:c. 2. All users of the system automat leal jy belong to the top group 
hlivserz. Ail users beior.c to the AllUsers croup; this group contains the 
default preferences for some or all user applets on the server. In Fig. 
3, it is assumed that the server contains at least three user applets, 
identified as App3, App4 and App5. As indicated in the AllUsers group, 
the default background (BG) for App3 is BG = blue. Other illustrative 
preferences labelled as x, y and z are shown to have the default values of 
1, 2 and 3 respectively. The terms x, y and z are intended to represent 
any desired preference and the values 1, 2 and 3 are .arbitrary and used 
merely to illustrate the point. The x preference might for example be the 
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screen font for the desktop; the value x = 1 micht call for a default font 
of Times-Roman. Similarly, the default preferences foriApp4 for all users 
are BG = grey, x « 2, y = 2 and 2-2.. ' 

5 The default values in the AllUsers group can be modified in any 

desired way for other contexts, such as for other user groups and 
individual users. By way of example, in addition to the context of 
AllUsers in Fig. 3, four other groups (GroupX, GroupY, GroupYl and 
GroupY2) are shown. Additionally, two individuals Userl and UserN are 

10 shown, users can be members of more than one croup. In Fig, 3, Userl is 
a member of AllUsers, GroupX and GroupYl; UsenN is a member of AllUsers 
and Groupy2. If a user is a member of more than one group (another croup 
in addition to AllUsers), then the groups are prioritized for the purpose 
of selecting the preferences for a given applet for that user. The 

15 administrator configures the group priorities for a user. Group priority 
is illustrated in Fig. 4. In Fig. 4, Userl hes GroupX (identified by the 
fully qualified name of AllUsers. GroupX for his or her highest priority 
group. Userl's next highest priority group. is GroupYl 

(AllUsers. GroupY. GroupYl) . Userl's lowest priority group is the AllUsers 

20 group. When a user, say Userl, requests to run an applet say App3 , the 
preferences are coalesced from the tree of Fic. 3 according to the group 
or groups to which the user belongs and the user applet is configured on 
the user desktop accordingly. 

25 The first step in coalescing preferences for any context is to get the 
defaults. The defaults for a user, if there are any, is the coalesced 
set of preferences for the applet from the highest priority group from 
which preference information for the applet can be obtained. The defaults 
for a group, if there are any, is the coalesced set of preferences for the 

30 applet from the groups parent (i.e.. The AllUsers group is the parent of 
Al lUsers. GroupX) - If a group has no parent (i.e., the top level AllUsers 
group) , there are no defaults for that group. To coalesce the preferences 
for an applet at a context, the preferences for the applet explicitly 
stcrGC at the context, overwrite the defcult preferences for the applet 

21 fcr the context. Thus, to coalesce preferences into the default set for 
ar. applet in a croup context, recursive calls are made from each croup 
node up to the AllUsers group requesting each parents set of preferences 
for the applet. Please refer to figure 3 to illustrate the following 
example. For example, if the context is Allusers .GroupY. GroupYl , a call is 

40 mace to the parent of GroupYl, which is GroupY, requesting its default 

preferences for the applet. GroupYl makes a recursive call to its parent, 
which is AllUsers. AllUsers has no parent, so AllUsers returns it set of 
preferences for the applet to the call from GroupY. This set of 
preferences is modified by the preferences stored in GroupY for the 

45 applet, if any. This is now the default set of preferences for the applet 
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for the context of GroupYl . This set of default preferences is returned 
to Groupyi as a result of the recursive call from GroupYl to GroupV^ and 
are modified by the preferences at GroupYl for the applets if any, to 
become the actual set of preferences to be used in this instance. The set 
5 of preferences for the context of a user is built in the same way, except 
that the highest priority group from which preference information can be - 
obtained for the user is used to first establish the group context from 
which the defaults will be obtained. Then the recursive procedure 
described above is used to build the actual set of preferences for the 
10 user and the applet requested by the user. 

The following examples illustrate the above preference coalescence 
and should be read in conjunction with Fig. 3. 

15 Example 1: An edministrator runs a configuration applet for App3 to 

set preferences for the group AllUsers.<3roupX. 

To set the preferences for App3 in the context of Allusers.GroupX, 
the present set of preferences must be determined. AllUsers.<3roupX 

20 requests defaults for its parent AllUsers. Since Allusers is the top 

level group, it returns its preferences for App3 to GroupX. These are the 
default preferences for App3 in the context of GroupX. Since GroupX has 
no preferences for App3, the default set from Allusers is the real set of 
preferences to be used. In this example, these preferences from the 

25 Allusers group are : BG=Biue, x=l, y=2, 2=3. The administrator can now 

modify use the configuration applet to modify the coalesced preferences in 
any desired manner. 

Example 2: Userl requests execution of com. ibm. App5 . Preferences 
30 must be coalesced for com.ibm.App3 in the context of Userl. 

Fig. 4 shows that the highest priority group for Userl is 
AllUsers. GroupX; this branch of the group hierarchy will be checked first 
for pref erence information pertaining to App2 . From here on, the example 
35 is essentially the same as example 1 above, except that the coalesced set 
of preferences is used to configure App3 on the user's workstation. The 
preferences for App3 for User! are : BG=Gre6r., x=2, y=2, 2=3 since the 
BG=Green preference stored in the Userl' s context for App3 over rices the 
default BG=Blue preference obtained from the Allusers .GroupX branch of the 

40 preference tree^ 

i 

Example 3: Coalescing preferences for com.ibm.App6 in the context of 

userl. 
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This example illustrates the situation of the highest priority group 
containing no coalesced preferences for the context of ajserl. Again, the 
highest priority group for Userl is GroupX. This group and its parent 
AllUsers contain no preferences for App6. Therefore, the next highest 
priority group is searched. The next highest priority group for Userl is 
GroupYl. A set of preferences can be obtained from this group for App6. • 
The coalescence of preferences proceeds es described in example 1. 
Recursive calls are made from GroupYl up the tree to the root AllUsers 
group and the preference sets are returned back down the recursive calls 
and modified along the way to form the default set. The default set is 
then modified with the preferences stored in GroupYl to form the 
coalesced set of preferences that apply to this context. Stated briefly, 
Allusers returns a null set of preferences, since it has no preferences 
for App6. GroupY modifies this null set with the values a«l and b=2 and 
returns this set to GroupYl as the default set. GroupYl modifies the 
default set with a ==33. This set is returned to the Userl context for use 
es its default set. Since there are no preferences for App6 stored at the 
Userl context, the defaults obtained from the GroupYl branch of the 
preference tree represent the fully coalesced set of preferences for App6. 
The real set of preferences thus becomes a=33, b=2 for this context. 

The above 5 examples described the gathering of preferences in 
response to a loadO for a particular piece of software. When preference 
information is saved for a piece of software, any preferences that have 
been explicitly written at the Context being saved to will be written to 
the data store (212) at the location specified by the combination of the 
Context the software is being run in end the key for the software whose 
preferences are being stored. 

Permissions operate similarly: a new group has access to all the 
applet names permitted by the group itself as well as to all applets 
permitted by its supergroups. However, just as Cava allows the programmer 
to override a superclass method, Profile Kanagement allows the System 
AdT.ir.istrator the ability to override en inherited permission. This is 
called overriding a permission. 

As with Java's form of inheritance, Profile Management's form of 
preferences and permissions inheritance is called single inherizance. 
Single inheritance means that each Profile Ksnacement group can have only 
.one supergroup (although any given supergroup can have multiple 
subgroups) . 

Profile Management users (leaf nodes) rr.ay require membership in 
multiple groups, so a facility is required to limit preference inheritance 
to a single hierarchical group to minimize the chance of corrupt 
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configurations due to the introduction of incompatible variable subsets 
introduced by cross group branch coalescing. By allowing a user's group 
memberships to be prioritized^ profile management can follow a search 
oroer when looking for preferences related to a particular applet. In 
5 other words, starting with the group with the highest priority, the search 
will stop at the first group found to contain configuration data for the • 
applet attempting to load its preferences. ' 

A user inherits software permissions from group memberships, with 
10 careful enterprise modelling, the administrator can assign software access 
to many users without having to navigate through panels, one user at a 
time. Profile management controls access by programming the web server 
to permit / deny access to applets. The web server enforces the access 
control. The profile manager servlet is also protected by the Webserver 
15 reouirirjg user ID'S and passwords to be passed to the webserver for 

authentication purposes. It is standard browser functionality to prompt 
for user passwords as required. 

Fig. 5 shows the system of Fig. 2 in more detail. Configuration 

20 applet Appletl is invoked by the administrator within the profile 

management framework. Appietl may implement the application program 
interface (API) 515 for querying information about its operational 
envircnjTient (e.g., query ccricext, context chanoec: events, query access 
controj list for this context, etc.) to integrate tightly within the 

25 profile management framework, but this is not a requirement for a 

configuration applet. In any event, the designer of appietl need only 
urjcerstcr.d the basic API methocs: enablePersistence ( ) , loadO, and saveO 
in addition to the basic methods of a java.util . Properties object used to 
cet preference information into and out of a java.util. Properties object. 

30 API £15 additionally provides listO and getContextO methods. Applet! 
need only register with the Prof ileManagement Properties class and call 
these iTiethods as appropriate. The loadO method can be called to retrieve 
the present state of preferences for the user applet being configured in 
the context of a user or group selected by the administrator The 

25 ec-Tiinistrator can then modify the preferences as desired and store them 
.'jsir.c the configuration save functionality prcviced by the applet (which 
uses the saveO method cf its Prof ileKanagenjentProp.erties object. 
Similarly, if appietl needs the list of user applets authorized for access 
by a user, it can use the listO method to obtain the list from the 

40 server. The getContextO method can be used by the applet to display the 
name of the context that it is running in or even to ensure that it only 
runs in a certain context (i.e., if an applet wanted to configure a 
service on the server using the export agent, it might only allow itself 
to be run at the Aliusers context since the configuration being exported 

45 is server specific as opposed to user specific. For appietl to run in 
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the profile manaaement fremework, all that is required is for the applet 
to register with Prof ileKanagementProperties 410 and implement the 
Prof ileManagementProperties class, an extension of the * 
java.util .Properties class. 

The profile manager 506 also provides a context change API 516 for • 
configuration applets. Appletl may implement a context change event 
listener 512. The API 516 and the event listener 512 allows the 
administrator to change contexts (user or group) while running the 
configuration applet, without having to stop and restart it. For example, 
when configuring applet user preferences, the acministrator will likely 
chanae contexts many times during the conf i curation . If the configuration 
appiet is registered as a listener to such events, profile manager 506 
will notify it of a context change via API 516. This allows applet! to 
refresh its preferences from the server for each new context, without the. 
event listener API, app2etl would have to be terminated by the 
administrator and restarted after a new context has been selected to 
reference the existing preference information for the new context and 
avoid being stopped and restarted by the Profile ^5anagement applet. To 
register, appletl calls a method on its properties object 
Pre: ileManagementProperties 510 i.e., addCcnt extChangeListener (API 516) 
to register itself, when the administrator sets a new context, profile 
manager 506 performs a set context call (API 516) to object 510, which in 
response calls the reiced method (API 516) on event listener 512. Event 
listener 512 now performs a lead properties cell to its properties object 
510 to get the new preference data from the server for the new context, 
and causes appletl to updates it GUI and internal variables to reflect the 
new preference inf onr»ation. 

The above functionality avoids the possibility of a network 
odmiinistrator reading data from one context, changing context, and 
accidentally overwriting with a saveO when intending to loadO before 
making configuration changes in the new context. 

Applets that dc net register as lister;€r£ wiii be stopped, 
cestroyec, reloaded, anc restcrted by the prc::j€ manager appiet when the 
administrator forces a context change. 

The profile manegement also provides £ "properties export" service 
to allow the easy retrofitting of existing hardware and software into this 
profile management environment. The properties export service allows 
prcfiie manager 514 to support user workstations (the physical hardware) 
as well as users, groups, and user applications. Since existing 
workstations do not know about Prof i leManacenientProperties 510, the export 
service allows workstation vendors to create workstation-configuration 
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applets that specifies an export agent 520 to be invoked on the server 
when the vendor applet saves it preference information. The export tag 
causes an instance of a vendor -supplied class (the export agent 520 
object) to be created and the expert method to be invoked on the object to 
5 specify that workstation configuration information be saved in whatever 

proprietary file format and/ file location (s) that ar^ required by the • 
workstation being configured. 

Assume that appletl is the configuration applet provided by a vendor 
10 for an existing terminal that is incompatible with the present profile 
management system. The vendor also supplies export agent 520. An 
administrator can configure the terminal for operation in this system by 
running profile manager 506, set the context to the terminal being 
configured, runs the vendor supplied configuration appletl and configures 
15 the applet,, when the coministrator saves the configuration, part of the 
information that is transmitted to the server is a unique identifier that 
identifies the terminal being configured. Typically, this is the Media 
Access Control (MAC) address of the terminal. Profile manager servlet 514 
detects that an export agent is specified on the save. Profile manager 
20 servlet 514 detects this from one of the preferences being saved that 

specifies need for the expert agent. The preference specifies the export 
tag in the form of a key value pair of 

>:xxXEXPORT_AGENTXXXX«i fully Qualified class name of export agent) 

25 

The Export Agent's export (Context context, ccnfig properties) method 
is called by the profile :r.ariecer servlet 514 to create one or more files 
522 on the server from the save preferences information. The specific 
file or files are identified by the unique identifier of the terminal that 
30 came with the properties information from appietl. when the terminal 

later boots up, it uses its unique identifier to locate and retrieve its 
configuration information from files 522 on the server in the same manner 
that it always did, independent of the profile management system. 

35 Figure 6 illustrates an appiet2 running on a client -computer . 

Appj€t2 might be an end -user applet such as a wore processor. In any 
event, cppiet2 has access to some of the same API ntethods as shown at 515 
of Fig. 5 if it desires. Appiet2 uses the load method to retrieve 
preferences and the save ntethoc to save any preferences that might be 

40 changed by the end user. EnablePersistence initializes the Profile 

.Management Properties object for applet2 with context equal to the user 
and generates the unique key for identifying the preference information 
storage location on the server, as described above relative to the 
administrator. 

45 
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Fig. 7 shows the situation of a user bringing up his or her desktop. 
The user on the client (700) points his or her web browser at the URL of 
the desktop applet on the server and at step 704 sends a message 
http: //server/Desktop. html) . Since Desktop.html is a file that the server 
protects, a challenge is sent back to the web browser on the client at 
706. The web browser on the client responds by prompting the user for a • 
user ID and password. The client then sends the user ID and password 
information to the server at 706. The user ID and password are shown in 
bold at 708 of Fig. 3 to illustrate that this information is passed by the 
web browser itself. This type of nomenclature is used in other places to 
illustrate the same thing. Since, presumably, the user has permission to 
run the desktop applet, the request will be honoured. 

There are a series of interactions between the client and the server 
(not shov^'n) where the code for the desktop applet is loaded to the client 
from the server. The desktop object is created and begins to execute, at 
712. The desktop object needs, its preference information (i.e., 
configuration information) so it can tailor the desktop for the end user 
who is invoking it. To this end, as part of the desktop object's 
initialization process, the desktop creates a Prof ileKanagement Proper ties 
object ? at 714, which is used to load, , get, cache, set, and save a 
copy of the user's preference information from the server for the desktop 
applet. The desktop object then performs an API call 

P.enabier6rsistence(desktop0bject (applet)) at 716, which, at step 1) of 
71£, initializes the Prof iieKans a ement Properties object P with the URL of 
the profile manager serviet 214. This URL is derived from the URL of the 
desktop applet that was loaded from the server previously. The 
Profije>!an6gementProperties object P sends a request 718 to the profile 
manager serviet 214 to get the context for the user running the desktop 
applet. In this case, the context consists of two components, a context 
name which is the ID of the user, and a context type which in this case is 
User. The profile manager serviet gets the ID of the user from the request 
718 and returns the user context at 719. At step 2 of 716, the 
Prof i 3 el'Sanscement Properties object P is initialized with the context of 
the user r-jnninc the desktop. At step 3 of 71£, the 
Prof iieKcnocementProperties cbiect F generates c \;r.:cu€ key for the 
desktop software by asking the Java desktop object P for its fully 
qualified class name. All Java objects know their class name. This unique 
key is coirbined with the user's context information to provide a parajrieter 
that specifies a unique location in the database 212 for storing the user 
specific preference information for the desktop applet. Any desired 
method can be used for mapping the string consisting of the fully 
qualified class name and the user context information into the data store 
location . Next, a request 720 is sent to the profile manager serviet 
214 to get the preference information, tailored for the user, for the 
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Desktop applet. The context and key are passed as part of the request 720 
to identify the requested preference information. The profile manager 
servlet 214 responds with the requested preference information at 722, 
which is cached in the Prof ileKanaaement Properties object P 604. 

5 

Continuing on at Fig. 8, at 800 the Desktop objpct reads it's 
preference information out of its Prof ileManagementProperties object P, 
and begins to update the desktop accordingly (i.e., it might set the 
screen colour to blue, get information about the position of iconsi etc). 

10 The desktop object calls a iriethod on its Prof ileManagementProperties 
object P to get a list of the software to which the user has access 
permission. The Prof ileManacmentProperties object P requests the 
infonriation at 802 from the profile manager servlet 214, which generates a 
response with the requested information at 804. For each such applet to 

15 which the user has access, the information includes a user friendly name, 
the applet's URL, the URL of an icon for the applet, etc. (information 
that is required for the desktop to represent the applet on the desktop 
and to load and launch it) . and other optional material which is not 
relevant to the invention. This information is stored in the 

20 Prof ileManccmentProperties object P, and returned to the desktop object. 

At 806, the desktop object uses the applet information to build a folder 
for the applets and to generate a window displaying the icons and the user 
friendly nante for each applet to which the user has access. 

25 Assujr.e that in a previous run of the desktop by the user, the user 

dragcec and cropped the icons for some of the software displayed in the 
folder that was just describee. It is possible that at this time the user 
no longer has access to the applets that were dragged and dropped from the 
folder to the desktop. However, these desktop objects normally would be a 

30 part of the users preferences that were saved during the last run and 

would still be displayed on the desktop . To avoid this situation, the 
desktop examines its preferences from it's Prof ileKanecmeritProperties 
object P to check for applets that are configured to appear outside of the 
window that is generated to cispiay all applets to which the user has 

35 access. Fic. 6 assumes that there is only one applet outside of the 

applet winccw that is generated. If there were more then one such applet 
outside cf the applet window, the following procedure would be looped for 
each such applet. At step 810 the desktop checks each of these applets 
appearing outside of the applet window against the list of applets from 

40 . the server to Which the user has access. If the applet appears in the 

list, the icon for the applet is placed on the desktop at 810 in the same 
position as before. If the user no longer has access to the applet, the 
applet is removed from the desktop's preferences at step 814 and removed 
from the Prof ileManagmentProperties object P. If any applets are removed 

45 as part of this process, the desktop tells the Prof ileManagmentProperties 
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object P to save the preferences at step 816. The 
Prof ileKanagmentProperties object P sends a request 818 -with the 
preference, key, and context information to the profile manager servlet. 
214 to save the new preferences information in the Database 212, The 
server sends a response 820 to the Prof ileManagmentProperties object P 
informing the Prof ileManagmentProperties object P that the request was 
successfully completed. 

Fig. 9 illustrates the situation of an administrator running a 
configuration applet to configure preferences for an applet for other 
users or groups of users. It is understood that the principles discussed 
here also apply generally to the configuration of terminals or groups of 
terminals. The administrator on the client 900 points his or her web 
browser to the URL of the profile manager applet 214 on the server, which 
is to be run. The URL is sent to the server at 904, Since 
ProfileKaneger.html is a file that the server protects, a challenge 906 is 
sent back to the web browser on the client. The web browser responds by 
prompting the administrator for a user ID and password. The request to get 
ProfileKaneger.html is then repeated at 908 to the server with the user ID 
and password information included in the message. Since presumably the 
administrator has permission tc run the profile .T;aneger, the request is 
honoured and a profile manacer applet is downlcaded to the administrators 
terminal at 910. There are a series of interactions between the client 
and the server (not shown) where the code for the profile manager applet 
is loaded to the client from the server. The profile manager object is 
created and begins to execute at step 912. 

A Prof iieManagementProperties^nonContextFloating is used by the 
profile manager instead of a norrr^al Prof ile>5aneGementProperties object.. 
It has the same behaviour as a Prof ileKanagementProperties object with one 
exception: when preferences are loaded and saved, they are loaded and 
saved to and from the context of the administrator who is running the 
profile manager, as opposed to loading and saving to and from the context 
(i.e., user cr user group) for which the administrator is configuring. 

T.":e prcfii,e manager object needs its pre:erer.c€ inrcrmaticn (i.e.. 
configuration information) so it can tailor the profiie manager for the 
administrator is invoking it. To this end, as pert of the profile manager 
object's initialization process, the profile manager creates a 
Prof iieMancgementProperties_nonContextFloating object P.NCF at step 914, 
which is used to load, get, cache, set, and save a copy of the 
administrator's preference information from the server for the profile 
manager applet. The profile manager object then calls 

p_NCF.enabl6Fersistence(prof ileManagerObject (applet)), which in step 1 of 
916 initiali2es the Prof iieKcnagementProperties^nonContextFloating object 
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P_NCF with the URL of the profile ir.ariager servlet 214. This URL is derived 
from the URL of the profile manager applet. The 

Prof ileManagementProperties_nonContextFloating object P_NCF sends a 
request 918 to the profile manager servlet 214 to get the context name 
5 (ID) of the administrator and the context type (USER) . The profile manager 

servlet gets the ID of the administrator from the request (918) . The web- 
browser passes the administrator ID and password in the message along with 
the information sent by the Prof ileKanagement Properties_nonContextFloa ting 
object P_NCF . The Prof ileManagementProperties^nonContextFloating object 
10 P_NCF is initialized with the context of the administrator running the 
applet at step 2 of 916. At step 3 of 916, the 

Prof ileKanag€mentProperties_jnonContextFloating object P_NCF generates a 
unique key for the profile manager applet by asking the Java 
prof ileManacerObject object (passed as a parameter in the 
15 enabierersistence call) for its fully qualified class name (i.e., 

prof iieManacerCbject.getClass 0 .cetNameO ) . This unique key, combined with 
the administrator's context infonriation, is mapped to specify a iinigue 
location in the database 212 for the administrator's specific preference 
information for the profile manager applet. 

20 

A request (922) is sent to the profile manager servlet 214 to get 
the preference information tailored for the profile manager applet as 
configured tor the administrator. The request (922) includes the 
appropriate context name and type and key information to identify the 

25 appropriate preference information. The profile manager servlet 214 

responds with the requested preference information (924), which is cached 
in the Prof il6KenaGementProperties_nonContextFloa ting object P_jaCF. The 
profile TT.ancger reads its preference information out of the 
Prof ilGMar.acezTientProperties.nonContextFloating and updates itself 

30 accordingly (i.e., sets its background colour to blue for example). 

Operation continues at Fig. IC. The profile manager requests the 
infonriction about existing users, user groups, and software from the 
profile rr.enecer servlet 214 and builds the tree in the left panel of the 

25 profile manscsrs configuration window at 1002. See Figs. 13 through 24 
for exampjes cf the administratcr' s jeft panel. At this point 1004, the 
adir.inlstrctcr selects a oesirec context for confiourinc by clicking on a 
user or croup from the left panel tree. The profile manager sets the 
context for Prof ileManagementProperties objects by calling 

40 P«NCF. set Context (selected context). See Fig. 13 for a selected context of 
'User Groups', ^Vhich refers to the group of all system users, or to Fig. 
18, where a croup context of 'Development' is selectee, or to Fig, 21 
where a user context 'colleend' is selected. Next, at step 1006, the? 
administrator selects an applet to be configured from a list of all the 

45 applets on the server. See Fig. 17 for an example of selecting an applet. 



-vSDCXriO- <WO_9S57863Al_l.> 



wo 99/57863 



23 



PCT/GB98/03866 



At Step 1008, the administrator then clicks a Run/Customize button to run 
the applet selected for configuration. This applet might be a separate 
configuration applet for an end user applet, or it might be the end user 
applet itself. The selected applet is requested and loaded from the 
Server at 1009 and 1011. At step 1010, the configuration applet object is 
created and begins to execute and to generate its 
Prof ileManag ement Proper ties object P- 

If it is assumed that the applet is a separate configuration applet 
for an end user applet, then at step 1012, the applet calls 
p.enableFersistence(configAppletObject, 

fullyOualif iedClassNameOf AppletBeir.cConf igured) . On the other hand, if 
the applet is a user applet, rather than a separate configuration applet, 
the cell would be p.enableFersistence (endUserAppietObject) since it wants 
to configure its own preference information as opposed to the preference 
infcnr.ation for another applet. The current Context is already known by 
the prof ileHanagementProperties object P since it was previously set by 
the administrator via the administrator's 

Profi.leKanaaementProperties.nonContextFloating object PM_NCF. The location 
of the profile manager servlet 214 was previously generated when 

enableFersiStence was called on the Profile Managers 

Prof ileManaaementProperties^nonContextFloating object PM.NCF. in the case, 
of a configuration applet, the unique key for the applet does not need to 
be generated because it is passed by the configuration applet to the 
prof iieManegementProperties object P in the enableFersistence call. 

At step 1014, the configuration applet registers itself with its 
prof iieManegementProperties object P as a context chance listener. As 
discussed earlier, this allows the applet's prof ileKansgentProper ties 
object P to notify the applet if the administrator makes a context change 
so that the applet can load the preference inforr.aticn for the new context 
and update its Graphical User interface to reflect the new configuration 
information, without requiring that the applet be terminated and 
relaunched in the new context. 

Operation continues at F^c. 11. hz step 1104, the ccnf iguratior. 
applet tells the Prof ileHanagementProperties object P to load the 
preferences from the current context for the applet being configured. A 
request 1105 is sent to the profile manager servlet 214 to get the 
preference information, tailored for the context previously selected by 
the administrator, for the applet being configured. The request 1105 
includes the appropriate context name (the context the administrator has 
selected) and the context type (USER, USER_GR0UF, or ALL_USERS_GROUP as 
appropriate) and key information to specify the location of the 
appropriate preference information. The profile mancger servlet 214 
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responds with, the requested preference information at 1106, which is 
cached in the Prof ileManagement Properties object P. The configuration, 
applet gets preferences from the Prof ileKanagementProperties object P and 
updates its Graphical User Interface accordingly. 

5 

The administrator configures the applet at 1107 and saves the 
modified preferences, for example by clicking a SAVE bJtton provided by 
the applet. As a result of this operation, the configuration applet calls 
the saveO niethod on its Prof ileKanagamentProperties object p. The 
10 Prof ileManecementProperties object P sends the preferences and the unique 
key for the applet being configured and the information specifying the 
current context to the profile manacer servlet 214. The profile manager 
servlet stores the preference information in the database 212 in the 
location specified by the Context and the key. 

15 

Step 1108 is an example of the administrator now changing context, 
while the configuration applet is still running. The administrator 
selects a new context by clickinc on a user or user group (see Fig. 18 for 
examples of T^ew contexts in the administrators left screen panel) . As a 

20 result of the context change, profile manager 506 sends a set context 
message to Prof ileKangementProperties object P (510) by calling 
P_NCF. setContext (selected new context), which in turn celises object P to 
notify event listener 512 of the context change via the reload properties 
API 515. This occurs at step lllC. At step 1112, the event listener 512 

25 performs a IcadO call to retrieve the preferences for the new context and 
the object P is updated with the new preferences at step 1118, The 
administrator can now proceed to modify the new preferences for the new 
context, if desired, and to save them if required, and then to proceed on 
with a new context change if necessary as described above. 

30 

The reir.cining figures 12 through 24 show actual screen snapshots of 
an administrator's workstation while running portions of the profile 
manager 206. 

25 The m&izi configuration window 1200 is shown in Figure 12. The tree 

view panel 12C2 on the left of the window depicts profile management 1204 
as one of sever&i services avaiicbje on the server, when this item 1204 is 
selected es shown in Fig. 12, the right panel 1205 of the main window 
displays a welcome message for the profile management service. Expeuid and 

4 0 contract icons such as 1208 are used to control the appearance of 

sub-items under i an item in the left panel, if any exist. The in 1208 

is called sn 'expand icon' and indicates that there are sub- items beneath 
'Profile management'. The administrator can display these sub-items by 
clicking on the expand icon 1208, which will then become a 'contract icon' 

45 ('-'). 
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Fig. 13 illustrates an expansion of the Profile management item 1208 
in Fig. 12, which results in the display of three default sub-items in 
Fig. 13 - 'Applets' 1300, 'User Groups' 1302 and 'Users* 1304 . Expansion 
icons indicate that these items can also be expanded. 'Applets' 1300 
5 allows the administrator to define the user applets available on server 
202, 'User groups' 1302 allows the administrator to create and populate 
the user group tree of Fig. 3 and to set group preferences. 'Users' 1304 
allows the administrator to create new users and to set their preferences 
or to change preferences for existing users. In the example of Fig, 13 

10 'Applets' 1300 is selected, when this item is selected, panel 1305 on the 
right of the window displays a list 13 06 of user applets that have already 
been defined to the system. Attributes of the application that is 
selected in 1306 are shown at 1308. The administrator defines a new 
applet by selecting <NEW> in 1306 and entering the name and location 

15 information requested in 1308. An existing applet 'Database Explorer' is 
shown selected in 1306. At 1308, the 'Applet name* field displays this 
applet name. The 'URL' (Universal Resource Locator) field displays the 
intranet or internet web address of this applet on server 202. The field 
'Complete path of html file' displays the directory path and file name of 

20 the applet in the disk directory structure of server 202. The field 
'Fully qualified class name' displays the fully qualified class name of 
the applet. The field 'Icon URL' displays a web address of the image file 
used to generate an icon for the applet on a users desktop. The remaining 
fields are for optional inf cr.T.ation that may be required by the software 

25 upon invocation. A comirand button 1310, 'Import .^ipplet List from File', 
allows the administrator to append definitions of applets to the existing 
list .1306 from an existing text file, when button 1310 is clicked, the 
window shown in Fig. 14 pops -up and allows the administrator to enter the 
path end file name of the text file containing the applet definitions to 

30 be appended. To save all pending changes, the administrator clicks on 
File 1312 and then Save (not shown) . 

In the left panel, the User Groups item 13 02 corresponds to the 
AllUsers croup of Fig. 3 ('User Groups' and 'AllUsers' are used 

21 interchsrjceabiy herein). Fic. 15 shows the right panei of the 
adjninistratcrs station when the 'User Groups' iter. 1302 is selected. Ir. 
Fig. 15, a notebook panel is displayed on the right that contains three 
tabs - a Kembers tab 1514, a Subgroups tab 1516 and an Applet Permissions 
tab 151 B. The Members tab is selected in Fig. 15. The Members panel 

40 contains a list 1520 of the log-on identifications of all members that 
have been defined to the system. To create a new user (who will 
automatically gain membership into the presently selected group context • 
'User Group'), the administrator selects <NEW> from the list 1520, enters 
the appropriate information in the entry fields 1522 to the right of the 

45 list I and then clicks on the Create buttoin 1522. when an existing member 
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is selected from the list 1520, the attributes previously saved for that 
user are displayed at 1522. These attributes include the full name of the 
selected member, the member's system ID, password and any desired 
conunents. The attributes, except ID, m.ay be edited and the changes 
5 committed (but not Saved) by clicking the Modify button 1524, or the user 
may be removed from the system entirely by clicking the Delete button 
1526. Any pending change may be removed by selecting tfhe entry in the 
list 1520 and clicking the Undo button 1528-8- 

Fig. 16 shows the administrator's right panel that is displayed when 
the Subgroups tab. 1516 is selected. Subgroup list 1620 shows existing 
groups that ere subgroups of the item selected in the left panel, which is 
•User Group' in this example. Therefore, list 1620 displays all immediate 
subgroups of the 'Allusers' group. In the left panel, 'User Groups' is 
expanded. The subgroups shown in list 1620 are also the expanded items 
under 'User Groups' in left panel. In list 1620, a status field shows the 
present status of each subgroup, such as '! delete', 'I Modify, and '! 
Create'. An empty Status field in list 1620 indicates that the subgroup 
exists and no actions are pending to be saved. The ' i ' symbol indicates 
that the status is pending (not yet saved). Attributes for the subgroup 
selected in list 1620 appear in 1622. These attributes include the 
subgroup riame and desired comments about the subgroup. To create a new 
subgroup, the scministrator selects <NEW> from list 1620, enters the 
subgroup name and desired comments in 1622, and clicks the Create button 
1626. Psi entry of '! create <subgroup name>' then appears in list 1620 
as a pending action. To save all pending changes, the administrator 
clicks the Fiie button in the top menu bar and then Save (not shown). 

Fig. 17 shows the right panel that is displayed when the Applet 
30 Permissions tab 1518 is selected. List 1720 shows all names of all 

applets that have been defined to the system and the permission status 
(permit or deny access) that is cssianed to each applet for the group or 
subgroup (the current 'context') that is selected in the left panel. As 
with other notebook pages describee, an exclamation point indicates that 
35 the status depicted is a change that is pending a Save. In Fig. 17, the 

croup 'User Groups' is selected in the tree shown in the left panel, which 
corresponds tc the 'Allusers* croup shown in Fic. j. Since all users of 
the system have membership in the 'User Groups' group, list 1720 shows the 
global default permissions for all system users for each applet defined to 
40 the system. For example, the default permission status for applet 

'Database Explorer' is 'permit' (mecning access is permitted) for the 
'Allusers' group; similarly, the default permission status for all users 
to applet TFT? is 'deny (access is denied). The administrator can change 
the permission status of an applet by selecting it in list._1720 and 
45 clicking the 'Permit group access' button 1730 or the 'Deny group access' 
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button 1732. Furthermore, regardless of an applet's permission status for 
the selected context, an administrator can select an applet from 1720 and 
click the 'Run/Customize' button 1734 to execute the usfer applet under the 
selected context. The panel region previously showing the notebook for 
the current context then becomes occupied by the executing user applet. 
If the user applet happens to be a configuration applet for other 
software, the administrator can then save software preferences (through 
the configuration applets unique facilities provided for this function) 
which will then be saved as the software's default preferences for the 
selected context. If the applet is an end user applet, the functions are 
the same, except the end user applet loses and saves it own preferences 
rather than preferences for a separate piece of software. 

Fig. 18 shows the complete expansion of the administrators left 
panel subgroup tree beneath 'User Groups'. Immediately beneath 'User 
Groups', there are two subgroups 'Administrators', a default subgroup that 
cannot be removed, and 'IBM', a subgroup defined by the administrator. 
The 'IBM' subgroup has also been expanded and contains three subgroups 
'Hardware', 'Services' and 'Software'. The 'Software' subgroup has been 
expanded and contains at least one subgroup called ' DeveiopTiient ' . The 
'Development' subgroup contains at "aeest one subgroup called NCoD. 
Subgroup 'NCoD' contains a number of subgroups, such as ConfigFW 58. which 
have no children. Also in this example, subgroup 'Development' is 
selected in the expansion tree. Since 'Development' is not at the top of 
the tree hierarchy (the 'All Users' group), the notebook shown in the 
right panel is somewhat different from that of Fig. 15 when 'User Groups' 
was selected, because all users are not automatically a member of 
'Development', as they are of 'User Groups'. The list 1620 displays the 
log-on system IDs of all system members. The status beside each user ID 
in list 1820 shows whether the user owns a membership in the 'Development* 
subgroup. A status of 'yes' indicates that the user is a member of the 
'Development' subgroup, 'no* indicates that the user is not a member of 
the 'Development' subgroup, and 'inherited' indicates that the user 
inherits membership within the 'Development' group by belonging to at 
least one of Development's subgroups further down the tree. A user's 
membership status for a subgroup is modified by the aciriinistrator by 
selecting the user in list 1820 and then clicking on the 'Add to Group' 
button 1836 or 'Kemove from group' button 1838. If the administrator 
wishes to create a new system user, or modify or delete an existing 
member, the administrator clicks on the 'Create/Modify/Delete Users' 
button button 1840. This action brings up the notebook page shown in 
Fig. IS. The right panel of Fig. 19 is similar to that of Fig. 15 and 
allows the administrator to create a new system user by selecting NEW in 
list 1920 and then clicking the 'Create' button. Similarly, the 
administrator can modify or delete an exiFting system user by selecting 
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the appropriate user in list 1920 ar.d clicking the appropriate button 
'Modify or 'Delete'. Users created at any subgroup context (e.g., 
'Development') not only gain the required membership in 'User Groups', but 
are automatically made members of the selected subgroup. Changes to the 
5 system user list are saved by clicking on 'File' in the top menu, bar of 
the right panel and then clicking 'Save' (not shown). 

Fig. 20 shows a direct way to get to the system user list for 
editing, rather than through the group and subgroup route shown in Fig. 
10 19. TO get to Fig. 20, the administrator selects 'Users' 1304 in .the-.left 
panel of Fig. 13, for example. Then in the right panel shown in Fig. 20, 
the administrator can create new users and modify and delete existing 
users, as already discussed., without being in the context of a group or 
subgroup . 

15 

In Fig. 21, the administrator wishes to work directly on information 
corresponding to a user whose ID is 'colieend'. To do this the 
acministrator expar.ds 'Users' in the left panel of Fig. 21, for example, 
and then selects 'colieend', as showr.. The right pemel then appears, 
20 which is devoted to colieend' s system information. The right panel 

contains three tabs. The first tab 'User Information' is selected by 
default. In this tab, the administrator can modify the name, ID, password 
and comments pertaining to colieend. 

25 Fig. 22 shows the right panel when the administrator selects the 

second tab 'Group Memberships'. List 2220 shows all subgroups of which 
colieend is a member. The subgroups are shown in this list in the order 
of subgroup priority for colieend. The administrator can change 
colleend's subgroup priority by selecting a subgroup and using the up and 

30 down arrows to the right of list 2220 to move the seliected subgroup up or 
down the list £s desired. If the administrator clicks the 'Add/Hemode 
Group Memberships' button 2242 in Fig. 22, the right panel then shows the 
contents of Fig. 23. The Fig. 23 right panel allows the administrator to 
modify the subgroups of which colieend is a member. The administrator 

35 does this by clicking on an appropriate box corresponding to a desired 

subgroup. If the box is clear <mecnir)c that colieend is not presently a 
member) , thei: a check mark is adcec zc the box to include colieend in the 
subgroup. Conversely, if a subgroup box is already checked, then clicking 
on the box clears the check mark and removes colieend from the subgroup. 

40 

Fig. 24 shows the right panel when the Applet Permissions tab of 
Fig. 22 is selected by the administrator. In this right panel, list 2420 
displays all applets that are defined in the system. The administrator 
can permit access by colieend to an applet by selecting the applet in list 
45 2420 and then clicking the 'Permit user access' button 2430; or access can 
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be denied to colieend by clicking the 'Deny user access button' 2432. The • 
administrator can also launch an applet in the context of colieend by 
clicking the 'Run/Customize' button 2434. when this is 'done, the applet 
selected in list 2420 is launched in the right panel. The administrator 
5 can then modify any preferences that the applet allows and save the 

preferences in the manner provided by the applet. A typical scenario here 
is for the administrator to launch a configuration applet then to fill in 
a variety of preference fields. However, if a separate configuration is 
not provided for a user applet, the administrator can launch the user 

10 applet in the context of a user and set preferences from the user applet. 

A typical scenario here is for the administrator to select a group or user 
context and then to launch the user applet as described above. The 
administrator can then typically modify preferences from an options menu 
and save them in any manner provided by the user applet. For example^ 

15 typically, the user preferences are saved when the options dialogue is 
closed, or the user applet may provide other methods of saving the 
preferences. In any event, since the ecministrator is running the applet 
in the context of colieend in this example, the preferences set up by the 
administrator through the user applet are saved on the server as if 

20 colieend had entered them directly herself by running the applet. 

Not shown in the figures is a scenario whereby a user can modify 
some preferences that pertain to a user applet. For example, a user 
applet may allow a user to select a window background colour or fonts and 

25 font sizes, so that each system user can individualize the applet to some 
extent when the user applet executes on the users desktop. In this case, 
the user modified preferences are saved in the same way as they are when 
the administrator runs the user applet. One difference, however, is that 
the administrator can run user applets to set preferences in group 

30 contexts, whereas users can only affect preferences for their individual 
context . 
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CLAIMS 

1. In a network system comprising a network interconnecting a server 
5 and a plurality of user stations, a method of managing desktops on the 

user stations from the server, wherein the server stores a plurality of • 
user applications for downloading to user stations, and further stores 
access permissions for the applications for each user, said method 
comprising steps of: 

10 

receiving at the server a log-on request including a user identifier 
from a user station; 

using the identifier to build a list of applications for which the 
15 user has access permission; 

downloading to the station the list of applications for which the 
user has access permissions; and 

20 displaying on a portion of the desktop objects corresponding to each 

application in the list, said objects when selected by the user being 
operative to request a download of the corresponding application to the 
user station. 

25 2. The method of claim 1 further comprising steps of: 

using the user identifier to built en icon on the desktop that 
represents a user application specified by the user at an earlier time; 

30 for each user desktop icon specified by the user at an earlier time 

that corresponds to a user application, checking the access permission for 
the user to the user application; and 

omitting from the desktop any such user- specif ied icon corresponding 
25 to a user application to which the user does not have access permission. 

2. iTi & networx system comprisir^c £ r;6twork interconnect irjo a server 
and a plurality of user stations, an apparatus for managing desktops on 
the user stations from the server, said apparatus comprising: 

40 ; 

means fori receiving at the server a log -on request including a user 
identifier from a user station; 

means for using the identifier to build a list of applications for 
4 5 which the user has access permission; 



wo 99/57863 



31 



PCT/GB98/03866 



means for downloading to the station the list of applications for 
which the user has access permissions; and 

means for displaying on a portion of the desktop objects 
corresponding to each application in the list, said objects when selected 
by the user being operative to request a download of the corresponding 
application to the user station, 

4. A computer program product stored in a computer readable storage 
medixam for, when run oh a computer, carrying out in a network system 
comprising a network interconnecting a server and a plurality of user 
stations, a method of managing desktops on the user stations from the 
server, wherein the server stores s plurality of user applications for 
downloading to user stations, and further stores access permissions for 
the applications for each user, said method comprising steps of: 

receiving at the server a loc-on request including a user identifier 
from a user station; 

using the identifier to build a list of applications for which the 
user has access permission; 

downloading to the station the list of applications for which the 
user has access permissions; and 

displaying on a portion of the desktop objects corresponding to. each 
application in the list, said objects when selected by the user being 
operative to request a download of the corresponding application to the 
user station. 
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